DOJ Wants ISPs to Retain All Customer Records

doubledoh writes "CNET reports that the Department of Justice is 'quietly shopping around' the idea of requiring ISP's to retain all data of their customer's online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years, but it looks like John Q. Public may also soon be subject to similar Constitutional violations. Big Brother, here we come."

Libraries?

[XanC (644172)]

I wonder if this would extend to libraries, since they specifically continue to include Internet access from libraries in PATRIOT stuff.

Does this mean I have to start snooping on my patrons, even if I don't currently? At the moment, I don't even store who's using the machines, let alone browsing habits.

Re:Libraries?

[badmammajamma (171260)]

I don't think so since your ISP would have all that data anyway. But who knows? I figure at some point they will realise that you can get bomb making information (aka chemistry books) from a library and decide all libraries will have to have cameras that record every book everyone picks up.

All this 1984 shit pisses me off. I'd rather take my chances with the terrorists than give up all privacy and freedom. The administration can go fuck itself.

Sure thing

[jleq (766550)]

If the government tries to make that happen, the ISPs and users of the world will shout out a resounding "Fuck You". Not only is that invasion of privacy, it is technologically very difficult to store such a massive amount of information.

I just love it when people try to regulate something that they know nothing about.

Re:Sure thing

[wbren (682133)]

I just love it when people try to regulate something that they know nothing about.

Yeah, like when Bush tries to regulate drug use...oh wait, I forgot about "the college years".

Should check out Penn & Teller

[sgant (178166)]

Their latest "Bullshit" episode deals directly with the US Patriot act and crap like this. It's pretty interesting, their take on all of this.

So if I build my own internet

[putko (753330)]

So if I build my own private internet, and don't connect it to the real internet, am I free of the logging requirement?

How about if I have my own virtual internet, running on top of the real internet? Do I become a virtual ISP and then I have to keep logs?

What if I don't use the same physical protocol to move bits? E.g. instead of volatages on a wire, I used morse code or smoke signals -- do I then esacpe the logging requirement?

How big can a LAN/WAN be before it becomes the internet (assuming it isn't connected to the unfree Al Gore created internetwork)?

What if the information is not contained in the protocols, but some side-channel? Do I, as an ISP (virtual or otherwise), have the duty to discover and provide "side-channel" logs?

Obligatory Futurama quote

[Rune Berge (663292)]

Yeah, well... I'm gonna go build my own internet, with blackjack and hookers. In fact, forget the internet!

A return to the "Black Chambers"?

[N Monkey (313423)]

the idea of requiring ISP's to retain all data of their customer's online activities for at least several months. The SEC already mandates that publicly traded firms retain all company emails for at least 2 years

AHH! At last! A valid reason for SPAM. Clog up the backups...

Seriously though, surely to be thorough this would also require the post office to steam open and photocopy all correspondence? It'd be a return to the so-called Black Chambers that once existed in the US and Europe that opened dipolomatic letters.

An ISP Info Tax

[Macka (9388)]

So are the DOJ offering to pay for all this? Storing that volume of data isn't free, in fact its bloody expensive. Why should the ISP's have to pay for this themselves, they won't get any benefit from it.

Its like a hidden tax .. call it an information tax for anyone who wants to get into the ISP business.

Re:An ISP Info Tax

[pair-a-noyd (594371)]

So are the DOJ offering to pay for all this?

No, You and I are going to pay for all of this.
Along with paying for the occupation of Afghanistan, Iraq [wikipedia.org] plus all the other places the US currently occupies [occupationwatch.org], and most likely will soon attack, invade and occupy, specifically Iran and North Korea, all in the name of democracy and because "They hate our freedom"(tm)

Its like a hidden tax .. call it an information tax for anyone who wants to get into the ISP business.

Yes, it's called "Taxation without representation" [wikipedia.org]

Welcome to the New World Order [wikipedia.org]

Actually...

[PatientZero (25929)]

... because "They hate our freedom"(tm)

Osama just called to say he's hung up his terrorism hat. We no longer have enough freedom to be worth hating.

Brokerage firms and ISPs are not parallel

[putaro (235078)]

Brokerage firms are regulated by the SEC. The SEC has long mandated that brokerage firms retain ALL communications with and about customers (including phone calls and paper mail) in order to allow the SEC to investigate violations of SEC rules. These searchs are carried out with the knowledge of the investigated firms. The only time this would affect a customer's privacy would be if there was a suspicion of an SEC rule violation, such as the Martha Stewart case.

Allowing for searching of ISP logs is much more a violation of customers' privacy. There is no notification to the customer, the Justice department keeps asking for the ability to review these records without issuing a subpeona and without any oversight.

Presenting the ISP logs as an extension of the SEC rules is both incorrect and dangerous. The SEC rules are primarily for the protection of customers and are well founded Constitutionally. The ISP snooping is not.

"Patriotic" ISP's

[rich42 (633659)]

Currently if the government thinks someone is up to something bad online - they generally will have to get a warrant to either confiscate their computer, or monitor their internet access via an ISP.

Tracking -everything- all users do online might be problematic - but certainly a list of all the web sites a given user hits in a month wouldn't be too tough.

Presumably they'd need a warrant -require- an ISP turn over the logs - but there'd be nothing preventing some of the more "patriotic" ones from "cooperating in a more pro-active fashion". Ie - just turning over a nice synopsis of everything on a monthly basis.

Don't think it's possible? There's a case in Seattle where the FBI tried to get a library to hand over a list of everyone who checked out Osama Bin Laden's biography.

I've personally provided web server logs to police without a warrent because a bomb-threat was involved. I'm 100% sure that case was legit - but I probably would've helped if I was only 60% sure. In reality - they were my employers servers - so I didn't really have a choice.

"We think 1 of the 10,000 customers you service might be up to something really bad. We'd really like your logs. All of them."

Are you gonna say no? Is your boss going to let you say no? Requiring ISPs to have the data on hand is not far from requiring the data be readily available to the government upon a "request for cooperation"

Re:"Patriotic" ISP's

[Hognoxious (631665)]

There's a case in Seattle where the FBI tried to get a library to hand over a list of everyone who checked out Osama Bin Laden's biography.

That's simply retarded. Any genuine member of al-quaeda probably has a signed copy anyway, and the borderline sympathisers probably read it at the local mosque. I wouldn't piss on him if he was on fire[1], but I'd be interested to read it - know thine enemy and all that.

[1] unless I'd recently eaten asparagus.

Democracy!

[by Anonymous Coward]

How many voters does it take to change a lightbulb? ...None, voters can't change anything.

Stupid Government, Bad

[binaryspiral (784263)]

I'd like to meet this congressman and smack him in the head with a newspaper... and say "Nooooo, bad congressman"

If you still refer to the Internet as "the big blue e" then you can not regulate it.

At least we have tor

[rasteri (634956)]

Thankfully, technologies like tor [eff.org] render any ISP's logging capabilities, even if they were to log every single packet, completely useless. You can even run some p2p apps through it.

(Before I used it, I assumed it would be too slow to use. Boy was I wrong - I hardly even notice the difference in web browsing).

Why?

[t_allardyce (48447)]

Part of me wishes the mother fucking terrorists and paedophiles would just start using encryption so we can forget about all these logging/tapping ideas for good and find something else. Obviously what's going to happen in the real world is that the government(s) will waste billions getting these systems working and 3 months later everyone will be encrypting like there's no tomorrow, then these systems will be worthless. I guess after that we will just have to wait until 19 biometric ID-card holding terrorists hijack some more planes and wonder as everyone says "how did this happen?? they had ID cards!!" or perhaps until someone is gang-raped in front of 10 cameras by masked attackers who never get caught.

nothing new

[luckynoone (775973)]

How is this a surprise? Go look on google groups and see some other quiet actions being taken. Many people who ordered from chemical suppliers, even frickin plastic tubes and such from many years ago are getting threatening letters. These are legitimate citizens who are into chemistry (many licensed) getting pushed around by the DOJ. The government has MANY regulations that cost businesses a fortune to comply with. If you want to get paranoid, you could say that "the system" does these things because that way the poor man will NEVER be able to get rich, because only the rich will be able to afford to comply. So, if they can comply, and their competition is reduced in the process (i.e. smaller businesses), that is all the more bank in their pockets. Personally, this is rediculous. If someone wants to commit crimes, they will find a way. This just reduces our liberties and privacy. Isn't this really what the terrorists wanted all along? A paranoid country spending tons of money on the mere thought of an attack? wide spread panics? companies going out of business due to new regulations? This is what the terrorists wanted. All it took was 19 guys to turn us into our own worst enemy.

Again with the child pornography

[putaro (235078)]

I RTFA and, again, "child pornography" is being trotted our as the excuse for violating everyone's rights. Does anyone have any idea how much kiddie porn is really out there? I'd go look but I don't want anything hanging around in my browser cache. [slashdot.org]

No problem

[williamhooligan (892067)]

I'm all for it. Provided that the DOJ is similarly obliged to log and deliver to my inbox a notification that someone in the DOJ has mentioned considering making me the subject of an investigation, so that I can run away and change my name. Also, if I get apprehended and the case goes to trial, I want the log of every jury member, prosecutor and member of the judiciary subpoenaed and presented as evidence for the defence. I'd happily be imprisoned for a cause I believe in, but I'll be damned if I'm being convicted by someone that likes shopping for antique furniture and goat porn.

Back to the Roman Empire analogy

[panurge (573432)]

I'm sorry to bang on about my hobbyhorse, but...

I'm quite convinced that Karl Rove et al take the history of the Roman Empire very seriously in assessing how to preserve the special status of the American ruling class (=patricians.)

The point about the Roman Empire was that there was nowhere to hide for its citizens. The reason that, when accused of crimes, senators went off and committed suicide was that there was nowhere to escape to. This gave the people in power effectively total control.

In classical Rome, just like Elizabethan England, huge networks of paid informers ensured that the government knew what people were thinking. The result was that the upper classes could continue their internecine wars (i.e. kill one another) while knowing that the system that kept them, as a class, in power was secure. There was no risk that while they were slaughtering one another, the peasants would revolt. Of course, in Rome the emperor also had a private security force - but ultimate power was controlled by whoever had the support of the army. So one Imperial tactic was to keep the army as far away from Rome as possible fighting foreign wars.

Any similarities are purely coicidental.

It won't happen ... here's why

[Luscious868 (679143)]

Corporations can basically pay to have just about anything enacted into law if they have enough money to throw at the issue and it's not so egregious as to piss off Joe Sixpack. There's no way the large ISP's will go for this. Look at who some of these large ISP's are. We're talking about large media conglomerates and cable and telecommunications companies. This would probably cost them a lot of time and money to setup and maintain so there's no way they'll go for it and they'll spend a lot of cash to defeat it. They'll score points with the privacy advocates for fighting it and it will benefit them in terms of profitability. It's a win - win for them. This will never happen.

Re:Log size?

[RickPartin (892479)]

They don't need to log everything in the beginning. The goal is not to take all our freedoms and privacies all at once. They just want to get the ball rolling. They will ask the ISPs to log a totally unreasonable amount of data knowing they will settle for a lesser but still privacy killing amount. Then every few years as storage technology improves, more and more will be logged.

This beautifully refined process of slowly chipping away at our rights always begins like this. Figure out a way to kill this right now or you never will.

Re:Log size?

[phulshof (204513)]

As storage technology improves, so will network technology, which means that what can be logged now is what can be logged later. Now for why it's too costly:
1. Divide the profit of an avarage large ISP by its amount of customers.
2. Calculate the cost of storing the avarage data throughput of a client per 3 months.
3. Be astonished on how many years of company profits will go into setting up this system.
4. Wonder how on earth you're going to search through such a huge data storage.
5. ?
6. Profit!

Re:Log size?

[arivanov (12034)]

While both of them improve, Jo average speed of typing and speed of perception does not. As a result while the amount of data grows (flash, animations, video), the amount of items remains relatively constant (or grows at a much slowlier rate). Do not forget that the DOJ (or its equivalent elsewhere) can subpoena the data from the source or destination or both. Hence all it needs to see at the ISP level is that the data has been exchanged. Similarly, the fact that the data has been exchanged is sufficient to subpoena the content (Carnivore anyone?).

There is plenty of technology to do this now. No need for storage improvement. They can get it now and they are likely to get it.

Re:hide your text

[Catbeller (118204)]

Thinking about it, I realize that most people, to say the least, aren't trying to hide anything, and won't encrypt.

The danger comes from not just the government, which is bad enough, considering the direction they are going -- no subpoenas, rooting through your life on fishing expeditions -- but from hostile parties using their proven insider connections to the ISPs and the government to conduct their own surveillance and destruction campaigns against targeted individuals.

Cults such as the Moonies and the Scientologists have shown that there is no limit to the means they will employ to destroy even the slightest criticism. They won't even have to leave the bunker with such data available. They can phone in disaster on their "enemies".

Journalists will have to live spotless lives to avoid being ruined by even the most casual search into their life's database, thus insuring the silence of the fourth estate -- even quieter than they are now.

Of course, the people who will utilize this data, government officials and the shadowy almost-governments such as cults, as well as the very wealthy and/or celebrated, will be immune to such searches, being largely anonymous in their activities. They'll make sure of that.

Make it bad for thier political careers

[by Anonymous Coward]

Find and compromise as many of these files as you can. Identify as many politicians' accounts as you can. Post all of the log files on the internet.

If even half of the log files found are as embarrassing as I'm imagining then all of Washington would go into a buzz about protecting privacy.

Re:Log size?

[bigpat (158134)]

"This beautifully refined process of slowly chipping away at our rights always begins like this. Figure out a way to kill this right now or you never will."

Never? Abusive dictatorships get violently overthrown at some point or another, how long it takes to be corrupted into another abusive dictatorship is a measure of the wisdom of the new system.

We are just following the age old cycle: Rebel, rinse, repeat.

Re:Log size?

[Jeremiah Cornelius (137)]

Yeah.

They are looking for needles?
Make BIGGER haystacks.

Tor, now than ever. [eff.org]

Re:Log size?

[hspaans (573672)]

This discussion is also going on in Europe and in the Netherlands there are ISP like XS4ALL, BIT and Interned Services who have made some calculations. The cost is pretty high, but it seems the government and the EU are still pushing this in name of preventing crime and terror.

Some Dutch and English reading material can be found here http://www.ispo.nl/home/dossiers/bewaarplicht/ [www.ispo.nl].

What I want to know is...

[Nick Driver (238034)]

...when next the US Post Office will be required to scan and image and index into a searchable database every letter and document that flows thru the postal system.

Re:Simple way to get this shot down ... by the NRA

[Jaysyn (203771)]

If encryption is a munition, why aren't more of us in the NRA?

Jaysyn

Re:glad i don't live in america

[EzInKy (115248)]

...land of the free indeed. such idea's come from idiot pencil pushers with no technical savy.

Well, it seems we don't have a monopoly on idiot pencil pushers. Quote from the article:

"France, the United Kingdom, Ireland and Sweden jointly submitted their data retention proposal to the European Parliament in April 2004. Such mandatory logging was necessary, they argued, "for the purpose of prevention, investigation, detection and prosecution of crime or criminal offenses including terrorism.""

Idiot pencil pushers are everywhere

[scsirob (246572)]

This isn't a USA-only problem. Similar pencil pusher idiots are trying to get ISPs in The Netherlands to store *ALL DATA* including e-mail, web traffic, P2P et al for 3 years!

Just the disk systems required to do so will contribute significantly to global warming...

Has this been used?

[Reverse Gear (891207)]

As far as I know the law has passed in Denmark also.
I remember some discussions about how small an ISP you have to be to be free from these demands as it is a major expense and even worse for small ISP's.
I think the limit for this was set to 1000 customers here in Denmark, but I may remember this wrongly.

Does anyone know about these systems being used by the police etc. in the countries where this has been implemented?

Re:glad i don't live in america

[Basje (26968)]

FWIW, this is standard issue in Europe already

Re:glad i don't live in america

[daikokatana (845609)]

Not quite. I know someone who works for a large ISP in Belgium, and we've had a very lengthy discussion on this topic.

At the moment, systems are in please so that they can MONITOR everything that is sent out onto the network.

The article however, speaks of retaining the information, in other words storing everything.

I myself work for a hosting company: we host several websites (not much) internally, they generate a total of 18GB log files averaged per day! I cannot imagine storing them for years and ye

Re:Is it a Constitutional violation?

[doubledoh (864468)]

I'm afraid that almost every law the feds push is a violation of the Constitution:

Amendment IX
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X
The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

Re:Is it a Constitutional violation?

[Kjella (173770)]

Those are checkpoints, and generally don't need to register information. Yes, you can be recorded by a camera or strip searched, but that is quite different from having your driving habits profiled and your possessions recorded in a log.

Two months of Internet data? I consider that roughly as invasive as having an agent follow me around for two months. Seriously, these days I read my news online. I use e-mail for communication. I look up anything I want to on google instead of the library. I check out products I want to buy. Two months of IRC logs I don't even want to talk about. As long as I am doing nothing wrong, that is NONE OF YOUR FUCKING BUSINESS. Sigh. Building a massive profile database is simply wrong.

Free state:
1. Suspicion/reason for inquery
2. Get court order
3. Gather evidence
4. Prosecute

Police state:
1. Gather massive profile
2. Get court order*
3. Review profile for evidence
4. Prosecute

*optional

Do you remember the time, when the difference between us and the East block was that in the East block, the government kept a massive profile on everyone? When the difference was that you could travel around, without the government recording all your movements? he founding fathers never imagined a situation like today. Then, people had to watch people. Now, machines watch people. I am sure that if they had, they would have made an amendment limiting the right of government to do so ex facto, before the fact.

Kjella

Re:Is it a Constitutional violation?

[doubledoh (864468)]

Man, I hate your points...because they are so spot on and scary. We really are moving into a bleak totalitarian future.

One day, after my application for a Parental License is approved by the DOJ, I hope my kid doesn't ask me, "Daddy, what was freedom like like when you were a boy?"

Or the even worse question, "Why didn't anyone try to stop them from taking away your freedom?"

I guess I'll just have to reply, "The Ministry of Peace needed to combat terrorists."

Re:Is it a Constitutional violation?

[bigpat (158134)]

"One day, after my application for a Parental License is approved by the DOJ, I hope my kid doesn't ask me, "Daddy, what was freedom like like when you were a boy?""

Come on you are being reactionary, Freeedom will still be around well into the future. Your kids are safe. It will be just a new and improved freedom in Amerika. And with that great new freedom will come great responsibility to defend it.

To protect our freedom we will have to institute more checkpoints so that the criminals, terrorists, tax evaders and other enemies of freedom can be caught as they try to subvert our freedoms. To help us in our fight against freedom haters, universal surveillance will be possible for the first time in history. Powerful computers will be able to identify suspicious behavior so that activity records can be flaged for further study. Almost immediately any suspicious individual, could be automatically restricted to geographically defined areas, so that any potential subversive activities can be squelched and damage to freedom limited. We will call this the Cat Stevens freedom protection system, or CSFP for short. Once access to government controlled privileges such as transportation are limited, then offenders can in most cases be convinced that freedom gives you many many benefits, such as health care and access to alcohol.

Everyone has to do their fare share to defend Freedom. That means that people must work hard and contribute to freedom. In fact I imagine the economy will be replaced in whole by freedom. No longer will we be limited by the scourge of market economics where people of dubious character exchange goods, services and ideas without any concern for their contributions to freedom. But rather people of esteemed character will get credits for their efforts. We can call them freedom credits. This will allow those most deserving of our respect, for their efforts in support of freedom, to most enjoy freedom's benefits. After all those who don't work for freedom obviously don't want it.

So, rest assured. In the future your child will be much more than happy in our brave new world where freedom is the new currency and is at the very core of our society.

Re:Shadowy Motives

[doubledoh (864468)]

I personally have no problem limiting my freedom a bit, for the sake of national security. But when the government abuses my goodwill, and uses it so shamelessly, I feel like being raped again and again.

That's why you should never allow the government to limit your freedom "a bit" because inevitably that "bit" will become full blown anal rape.

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin

This guy knew what he was talking about...so did the rest of the guys that drafted the Constitution. It's too bad most of their wisdom is ignored today.

Re:Shadowy Motives

[doubledoh (864468)]

Yeah, I think the big problem here is that the government has really learned how to exploit fear to gain support for these "safety" measures. However, I've never witnessed ONE government program that ever lived up to its promises. I mean really...do you feel safer today than you did in 2000? Look at the drug war. We dump over 20 billion a year (probably more now) over the war on drugs...but drug use and availability has steadily increased while drug prices have dramatically decreased! It's totally insa

Re:Shadowy Motives

[hacker (14635)]

"Yeah, I think the big problem here is that the government has really learned how to exploit fear to gain support for these "safety" measures."

Gee, what word [reference.com] does that remind you of?

Re:ok

[putaro (235078)]

US Constitution

Amendment IV - Search and seizure. Ratified 12/15/1791.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Re:For the benefit of the non-US people here

[putaro (235078)]

You said the right words - don't you think that this is an unlawful search and seizure?

Amendment IV - Search and seizure. Ratified 12/15/1791.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Re:For the benefit of the non-US people here

[Tim C (15259)]

Actually, no I don't. I don't see that anything is being seized, at least not in the traditional sense of taking it (possibly by force or under threat of force) from my possession. Likewise, merely recording the information cannot possibly qualify as "search".

Now, if those logs were actually searched or data mined, then perhaps it would fall foul of the "unlawful search" clause, but failing that, I don't see that it does violate that particular Amendment.

(Of course, IANAL, etc)

Re:what a great idea !

[CmdrGravy (645153)]

In fact there are a lot of people here in the UK who do take action against speed cameras in order to disable them. There is even an organisation dedicated to this hobby. We don't need guns.

Re:PEOPLE WHO CARE ABOUT "PRIVACY" ARE CRIMINALS!

[putaro (235078)]

Well, Lucas, I looked through some of your other posts and noticed that your have encryption turned on on your wireless network. Why? Do you have something to hide?

I assume that you have encryption turned on to keep bad people from hacking into your network and reading your PRIVATE data. Now, how good a job do you think your ISP is going to do of securing all of the logs of all of your activity?